Information Security Management – Assignment Example


The paper “Information Security Management” is a thoughtful example of an assignment on logic & programming. Data miners have also committed serious violations of privacy. The law allows data mining for the collection of personal information for various uses, including census, budgeting, and finance. Such private data may include the patient’s number, race, ZIP code, birth date, gender, diagnosis and procedure codes, overall medical costs, physician ID, and ZIP code. Because such information does not include the patient’s name, phone number, address, or social security number, the idea that a patient’s privacy would be violated may seem far-fetched.

Nonetheless, such data can be cross-linked with other databases to create a general profile of the patient, thus opening up routes to blackmailing individuals. Cooper and Collman (2005) observed that the trail of information, including IP addresses left behind by users of the World Wide Web, has been linked with hospital databases containing information relating to DNA. This poses risks to data privacy. Laws and regulations governing the use and divulgence of private information are less robust, incomplete, and fragmented.
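The cross-linking risk described above can be measured before a data set is released. The following Python sketch is an added example, not part of the original paper: it computes k-anonymity over ZIP code, birth date and gender, finds released rows that match exactly one row in a named list, and repeats the check after coarsening those fields. All records, the named list and the `generalize` rule are constructed assumptions.

```python
from collections import Counter

# Constructed sample data. HOSPITAL has no name, phone, address or SSN;
# PUBLIC is a hypothetical named list (for example a voter roll).
HOSPITAL = [
    {"zip": "02138", "birth_date": "1945-07-31", "gender": "F", "diagnosis": "I10"},
    {"zip": "02139", "birth_date": "1948-02-02", "gender": "F", "diagnosis": "E11"},
    {"zip": "02138", "birth_date": "1962-03-14", "gender": "M", "diagnosis": "J45"},
    {"zip": "02139", "birth_date": "1962-03-14", "gender": "M", "diagnosis": "K21"},
    {"zip": "02139", "birth_date": "1965-11-09", "gender": "M", "diagnosis": "M54"},
]
PUBLIC = [
    {"name": "Resident A", "zip": "02138", "birth_date": "1945-07-31", "gender": "F"},
    {"name": "Resident B", "zip": "02139", "birth_date": "1962-03-14", "gender": "M"},
    {"name": "Resident C", "zip": "02140", "birth_date": "1990-01-01", "gender": "F"},
]
QUASI_IDENTIFIERS = ("zip", "birth_date", "gender")


def qi_key(record, fields=QUASI_IDENTIFIERS):
    """Tuple of quasi-identifier values used as the join key."""
    return tuple(record[f] for f in fields)


def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Size of the smallest group sharing one quasi-identifier combination."""
    return min(Counter(qi_key(r, fields) for r in records).values())


def unique_links(released, external, fields=QUASI_IDENTIFIERS):
    """Released rows that are unique in the release and match exactly one
    external row: a join on these fields attaches a name to them."""
    rel = Counter(qi_key(r, fields) for r in released)
    ext = Counter(qi_key(r, fields) for r in external)
    return [r for r in released
            if rel[qi_key(r, fields)] == 1 and ext[qi_key(r, fields)] == 1]


def generalize(record):
    """Coarsen the fields: 3-digit ZIP prefix and birth decade only."""
    out = dict(record)
    out["zip"] = record["zip"][:3] + "**"
    out["birth_date"] = record["birth_date"][:3] + "0s"
    return out


if __name__ == "__main__":
    print("k before:", k_anonymity(HOSPITAL), "links:", len(unique_links(HOSPITAL, PUBLIC)))
    coarse = [generalize(r) for r in HOSPITAL]
    print("k after:", k_anonymity(coarse))
```

A release with k equal to 1 contains at least one row that a single join can tie to a person; coarsening trades analytic detail for a larger k.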

US laws on privacy do not adequately address the issue of information privacy. This paper will address hacking issues using WebGoat.

Part A – Description of the scenarios in each stage, compared to real-world cases

The case here is to demonstrate that hackers steal people's credit cards, their online information, and their banking information in order to feel they can hide completely behind the people they steal from. The purpose of this case is to steal credit card details using the "Stored XSS" stage, SQL injection and Command Injection. In the "Stored XSS" stage, the credit card details will be stolen using the data that is stored using the source code.

This is done by bypassing the presentation-layer access control using JavaScript. Here the hacker clicks the "Stored XSS" stage and continues with the attack. This is made possible by replacing the JavaScript with the desired code. Then malicious information is input as shown below. The figure below shows entry into the system on the WebGoat site.

The second stage is SQL injection. This is when the credit card is stolen using SQL injection; all possible inputs are taken into consideration, as shown in the screenshot below. This is done using the following code in SQL injection. The code shows how various inputs are used to affect the security of the system.

The third stage is very severe, as the hacker defaces the site by injecting a command with the intention of accessing the website's main page.

Here the command was injected and the website showed what was altered. The command that worked was DOS FIND, used to find the file to change.

This file was overwritten using the following command. Then I craft another command to overwrite that file. Pay attention to

The network security element of subnetting improves security by splitting an Internet Protocol (IP) address anywhere within its 4-byte (or 32-bit) address. Also called subnet addressing, this technology allows for the division of networks into three components: the network, subnet address, and host. There are several advantages offered by subnetting. It can cut down on network traffic because broadcasting to hosts becomes confined to individual subnets. It affords flexibility by allowing the customization of the number of hosts and subnets for every organization.

Subnets improve address utilization, have minimal impact on externally located routers, and reflect the physical network. A drawback, however, is that a network administrator would need to fully comprehend the creation and management of subnetting.
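The three-part split of the 32-bit address and the per-subnet broadcast boundary can be worked through with Python's standard `ipaddress` module. This is an added example, not part of the original paper; the 172.16.0.0/16 block, the sample host address and the function names are assumptions chosen for illustration.

```python
import ipaddress


def split_address(addr, org_network, subnet_prefix):
    """Split addr into (network, subnet number, host number).

    org_network is the block assigned to the organization; subnet_prefix is
    the longer prefix length the administrator picks for each subnet."""
    net = ipaddress.ip_network(org_network)
    if not net.prefixlen <= subnet_prefix <= net.max_prefixlen:
        raise ValueError("subnet prefix must lie inside the organization's block")
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        raise ValueError(f"{addr} is outside {org_network}")
    host_bits = net.max_prefixlen - subnet_prefix      # rightmost field
    subnet_bits = subnet_prefix - net.prefixlen        # middle field
    value = int(ip)
    host = value & ((1 << host_bits) - 1)
    subnet = (value >> host_bits) & ((1 << subnet_bits) - 1)
    return str(net.network_address), subnet, host


def plan(org_network, subnet_prefix):
    """(number of subnets, usable hosts per subnet) for a prefix choice."""
    net = ipaddress.ip_network(org_network)
    subnets = 2 ** (subnet_prefix - net.prefixlen)
    hosts = 2 ** (net.max_prefixlen - subnet_prefix) - 2  # minus network/broadcast
    return subnets, max(hosts, 0)


def broadcast_domain(addr, subnet_prefix):
    """Subnet that contains addr and the broadcast address confined to it."""
    iface = ipaddress.ip_interface(f"{addr}/{subnet_prefix}")
    return str(iface.network), str(iface.network.broadcast_address)


if __name__ == "__main__":
    for prefix in (24, 26):
        print(prefix, split_address("172.16.5.130", "172.16.0.0/16", prefix),
              plan("172.16.0.0/16", prefix), broadcast_domain("172.16.5.130", prefix))
```

Moving the prefix from /24 to /26 turns 256 subnets of 254 hosts into 1024 subnets of 62 hosts, and a broadcast from the sample host then reaches only 172.16.5.128/26.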


